Request #36483 phpize php_autoconf security fix
Submitted: 2006-02-22 00:26 UTC Modified: 2010-12-22 12:47 UTC
Votes:6
Avg. Score:4.2 ± 0.9
Reproduced:6 of 6 (100.0%)
Same Version:2 (33.3%)
Same OS:1 (16.7%)
From: david at davidfavor dot com Assigned:
Status: Not a bug Package: *General Issues
PHP Version: 5.1.2 OS: RedHat EL-4
Private report: No CVE-ID: None

 [2006-02-22 00:26 UTC] david at davidfavor dot com
Description:
------------
Since I've only installed PHP the first time, please
route this to the correct place.

There are many reports that resemble this:

   /usr/local/bin/phpize:
   /tmp/tmpEcSnL3/apd-1.0.1/build/shtool:
   /bin/sh: bad interpreter: Permission denied
   Cannot find autoconf. Please check your autoconf
   installation and the $PHP_AUTOCONF environment
   variable is set correctly and then rerun this script.

   ERROR: `phpize' failed

The problem is the pear command seems to violate
usual security precautions.

That is, mounting /tmp with the noexec option disallows
the execution of /tmp/*/shtool. The fix seems to be
maybe checking the executability of scripts on /tmp
first and prompting the user for an alternative
directory first.

The ugly work around is to change /etc/fstab to allow
/tmp files to be executed... Shudder...

Reproduce code:
---------------
1) In /etc/fstab:

   /dev/hda3 /tmp ext3 defaults,noexec 1 0

2) reboot

3) pear install pecl/pdflib
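
The check the report proposes (test whether scripts in the temporary directory can actually be executed before building there) could look like the following. This is an added example, not part of the original report or of PEAR's code; the function names and the candidate directories passed to them are assumptions.

```shell
#!/bin/sh
# Added example: probe whether a directory permits direct execution
# (which a noexec mount blocks) and choose a build directory accordingly.
# Function names are hypothetical; nothing here is PEAR or phpize code.

# dir_allows_exec DIR -> exit 0 if a script created in DIR can be executed.
dir_allows_exec() {
    dir=$1
    [ -d "$dir" ] && [ -w "$dir" ] || return 1
    probe=$(mktemp "$dir/execprobe.XXXXXX") || return 1
    printf '#!/bin/sh\nexit 0\n' > "$probe"
    chmod 700 "$probe"
    # Execute the file directly: that is what noexec refuses and what
    # produces "bad interpreter: Permission denied". Running "sh $probe"
    # would only read the file and would succeed even on a noexec mount.
    if "$probe" 2>/dev/null; then rc=0; else rc=1; fi
    rm -f "$probe"
    return $rc
}

# pick_build_dir DIR... -> print the first candidate that permits execution.
# Returns non-zero and prints nothing when no candidate qualifies.
pick_build_dir() {
    for candidate in "$@"; do
        if dir_allows_exec "$candidate"; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}
```

A caller would pass its preferred directories in order, for example `pick_build_dir "${TMPDIR:-/tmp}" "$HOME/build"` (the second path is a placeholder), and stop with a clear error when none qualifies, so /tmp can stay mounted noexec.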


 [2010-12-22 12:47 UTC] johannes@php.net
-Status: Open
+Status: Bogus
-Package: Feature/Change Request
+Package: *General Issues
 [2010-12-22 12:47 UTC] johannes@php.net
This is a PEAR issue. Please report on pear.php.net.
 